Lucene search
K

245 matches found

Wolfi
Wolfi
added last week7 views

GHSA-Q5H6-FCF5-49G9 vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Wolfi
Wolfi
added last week7 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS5.9AI score0.00378EPSS
Exploits1
Chainguard
Chainguard
added last week7 views

CVE-2026-12243 vulnerabilities

Vulnerabilities for packages: py3-nltk...

7.5CVSS7AI score0.0051EPSS
Exploits1
Chainguard
Chainguard
added last week8 views

GHSA-Q5H6-FCF5-49G9 vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Chainguard
Chainguard
added last week6 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, py3-nltk, apache-beam-python-3.11-sdk, apache-beam-python-3.12-sdk...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-12252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and...

10CVSS7.7AI score0.00809EPSS
Exploits4References3
PyPA
PyPA
added 2026/07/04 2:16 a.m.5 views

PYSEC-0000-CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/07/04 2:16 a.m.9 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS0.00158EPSS
Exploits1References1
OSV
OSV
added 2026/07/04 12:58 a.m.1 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.4AI score0.00158EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/07/04 12:58 a.m.6 views

CVE-2026-12252

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.7AI score0.00158EPSS
Exploits1
Cvelist
Cvelist
added 2026/07/04 12:58 a.m.35 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS0.00158EPSS
Exploits1References1
CVE
CVE
added 2026/07/04 12:58 a.m.30 views

CVE-2026-12252

CVE-2026-12252 affects nltk/nltk versions 3.9.3 and earlier, leaving five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, StanfordNeuralDependencyParser) vulnerable to untrusted JAR code execution. These classes accept user-controlled JA...

7.8CVSS7.7AI score0.00158EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/30 2:22 p.m.9 views

CVE-2026-12243

A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to nltk.data.load or nltk.data.find. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References4
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

DEBIAN-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References1
NVD
NVD
added 2026/06/30 1:16 a.m.11 views

CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

UBUNTU-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/30 12:14 a.m.14 views

EUVD-2026-40240

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1
OSV
OSV
added 2026/06/30 12:14 a.m.3 views

CVE-2026-12243 Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/25 12:0 a.m.4 views

python311-nltk-3.10.0rc1-1.1 on GA media (moderate)

python311-nltk-3.10.0rc1-1.1 on GA media Announcement ID: openSUSE-SU-2026:11098-1 Rating: moderate Cross-References: CVE-2026-54293 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5CVSS5.9AI score0.00378EPSS
Exploits1
EUVD
EUVD
added 2026/06/22 5:25 p.m.9 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
Rows per page
Query Builder